Hi guys!
Is there any way I can force my SSSD clients running 1.9.5 (Ubuntu 12.04) and 1.9.2 (CentOS 6) to bind to LDAPS (port 636) instead of LDAP (port 389) when my providers are all set to "ad"?
Consequently, I'll need to specify a certificate to be used to verify the server's authenticity.
I'm using service discovery and have SRV records in place on my domain controllers.
Here's my config:

[sssd]
config_file_version = 2
debug_level = 0
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = DOMAIN

[pam]
debug_level = 0

[nss]
debug_level = 0
filter_users = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
filter_groups = root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
reconnection_retries = 3

[domain/DOMAIN]
debug_level = 0
ad_domain = DOMAIN.local
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
enumerate = true
cache_credentials = true
fallback_homedir = /home/%u
dyndns_update = true
dyndns_update_ptr = true
ldap_schema = ad
ldap_id_mapping = true

Thanks!
-Chris